~ Rapport de ZHPDiag v2013.9.13.23 - Nicolas Coolman (11/09/2013)
~ Lancé par Corentin (13/09/2013 22:52:13)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Désactivée par l'utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660 (Defaut)
MFIE: Mozilla Firefox 23.0.1

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Business Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 6Q4DH
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
ESET Online Scanner v3
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.7

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8168 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 52 GB (46%) free of 111 GB

---\\ Mode de connexion au système
~ Computer Name: CORENTIN
~ User Name: Corentin
~ All Users Names: UpdatusUser, HomeGroupUser$, Corentin, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Corentin\AppData\Roaming\
~ %Desktop% : C:\Users\Corentin\Desktop\
~ %Favorites% : C:\Users\Corentin\Favorites\
~ %LocalAppData% : C:\Users\Corentin\AppData\Local\
~ %StartMenu% : C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 52 Go of 111 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 589 Go of 932 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 29 Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/1
~ Mes musiques (My Musics) : 0/7
~ Mes Videos (My Videos) : 0/1
~ Mes Favoris (My Favorites) : 0/3
~ Mes Documents (My Documents) : 0/506
~ Mon Bureau (My Desktop) : 1/48782
~ Menu demarrer (Programs) : 0/23
~ Hidden Files: Scanned in 00mn 01s

---\\ Processus lancés
[MD5.18A60DCA97EAC258ED4AC781374DC093] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896] [PID.2320]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024] [PID.5184]
[MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4260]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.5116]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.5304]
[MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.5896]
[MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.6104]
[MD5.2A2BAD68A0975ED23328C8A220D6C24B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7946240] [PID.3288]
[MD5.76C7617847CCE2E948701365BEB45CE2] - (.Woodtale Technology Inc - eBPSvc.) -- C:\Users\Corentin\AppData\Local\DProtect\DProtectSvc.exe [342592] [PID.964] =>Trojan.Staser
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1880]
[MD5.BC120F98DCA622BE48D16B4A5714CA71] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2155296] [PID.2212]
[MD5.402794A75A899E296AB3EDEC4ECCB9A8] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [4153184] [PID.2372]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Corentin - pk4pgihm.default] http://www.qvo6.com =>Hijacker.Qvo6
M2 - MFEP: prefs.js [Corentin - pk4pgihm.default\bytubed@cs213.cse.iitk.ac.in] [] BYTubeD - Bulk YouTube video Downloader v1.1.1 (..)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
~ Firefox Browser: 4 Scanned in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.fr
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll
~ IE Browser: 11 Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Logitech SetPoint [64Bits] - {AF949550-9094-4807-95EC-D1C317803333} . (.Logitech, Inc. - Logitech SetPoint.) -- C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
~ BHO: 4 Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: GeForce Experience.lnk . (.NVIDIA - NVIDIA GeForce Experience.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
O4 - GS\Desktop [Public]: Skype.lnk . (...) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
O4 - GS\Desktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player 2.0.8.) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
O4 - GS\Desktop [Public]: Warcraft III - The Frozen Throne.lnk . (.Blizzard Entertainment - Frozen Throne.) -- C:\Program Files (x86)\Warcraft III\Frozen Throne.exe
O4 - GS\Desktop [Public]: Warcraft III.lnk . (.Blizzard Entertainment - Warcraft III.) -- C:\Program Files (x86)\Warcraft III\Warcraft III.exe
O4 - GS\Desktop [Public]: ZHP.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZebHelpProcess\ZHPHep.exe
O4 - GS\Desktop [Public]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop [Public]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Program [Public]: Apple Software Update.lnk . (...) -- C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Program [Public]: Browser Choice.lnk . (...) -- C:\Windows\BrowserChoice\html\default.html
O4 - GS\Program [Public]: JDownloader Uninstaller.lnk . (.AppWork GmbH - JDownloader.) -- C:\Program Files (x86)\JDownloader\JDUninstall.exe
O4 - GS\Program [Public]: JDownloader Update.lnk . (...) -- C:\Program Files (x86)\JDownloader\JDUpdate.exe
O4 - GS\Program [Public]: JDownloader.lnk . (.AppWork GmbH - JDownloader 0.9.) -- C:\Program Files (x86)\JDownloader\JDownloaderPortable.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Program [Public]: TeamViewer 8.lnk . (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
O4 - GS\Program [Public]: Windows Store.lnk . (...) -- C:\Windows\WinStore\WinStore.htm
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.) -- C:\Windows\system32\calc.exe
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (...) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe (.not file.)
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) -- C:\Windows\system32\mspaint.exe
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Connexion Bureau à distance.) -- C:\Windows\system32\mstsc.exe
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture d’écran.) -- C:\Windows\system32\SnippingTool.exe
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Magnétophone Windows.) -- C:\Windows\system32\SoundRecorder.exe
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Enregistreur d’actions.) -- C:\Windows\system32\psr.exe
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\system32\StikyNot.exe
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Application Windows Wordpad.) -- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - Visionneuse XPS.) -- C:\Windows\system32\xpsrchvw.exe
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Table des caractères.) -- C:\Windows\system32\charmap.exe
O4 - GS\Accessories [UpdatusUser]: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\system32\notepad.exe
O4 - GS\QuickLaunch [Corentin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar [Corentin]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar [Corentin]: Play League of Legends.lnk . (...) -- C:\Riot Games\League of Legends\lol.launcher.exe
O4 - GS\TaskBar [Corentin]: TeamViewer 8.lnk . (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
O4 - GS\Program [Corentin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Accessories [Corentin]: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\system32\notepad.exe
O4 - GS\SendTo [Corentin]: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\SendTo [Corentin]: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [Corentin]: Any Video Converter.lnk . (.AnvSoft Inc. - Any Video Converter.) -- C:\Program Files (x86)\AnvSoft\Any Video Converter\AVCFree.exe
O4 - GS\Desktop [Corentin]: JDownloader.lnk . (.AppWork GmbH - JDownloader 0.9.) -- C:\Program Files (x86)\JDownloader\JDownloaderPortable.exe
~ Global Startup: 40 Scanned in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [RtHDVBg_DTS] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
~ Application: Scanned in 00mn 00s

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
~ Winsock: 8 Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F65DC13-13B3-42D1-9445-B6D52FDA72C3}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F65DC13-13B3-42D1-9445-B6D52FDA72C3}: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\OPTIMI~1\OPTPRO~2.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc (AtherosSvc) . (.Atheros Commnucations - AdminService Application.) - C:\Windows\System32\AdminService.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSAudioService (DTSAudioService) . (.DTS - DTS Audio Service.) - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: Intel(R) Capability Licensing Service In (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) . (.NVIDIA Corporation - NVIDIA Streamer Service.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 320.4.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) . (.TeamViewer GmbH - TeamViewer 8.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (.not file.)
~ Services: 11 Scanned in 00mn 01s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s

---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [1002]
[MD5.476BB014F3F68C0C15EDDD5B444DA8FF] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416]
[MD5.C34968C46A99BBD6248D30F9F1B778C2] [APT] [BoxSoftwareUpdate] (...) -- C:\ProgramData\BoxUpdChk\updchk.exe [177152]
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984]
~ Scheduled Task: 4 Scanned in 00mn 00s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
~ Active Setup: 9 Scanned in 00mn 00s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Drivers: 34 Scanned in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Any Video Converter 5.0.7 - (.Any-Video-Converter.com.) [HKLM][64Bits] -- Any Video Converter_is1
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM][64Bits] -- {5D09C772-ECB3-442B-9CC6-B4341C78FDC2}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {2F72F540-1F60-4266-9506-952B21D6640D}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
O42 - Logiciel: DProtect - (.DProtect Lab.) [HKLM][64Bits] -- DProtect =>Trojan.Staser
O42 - Logiciel: ESET Online Scanner v3 - (...) [HKLM][64Bits] -- ESET Online Scanner
O42 - Logiciel: FileZilla Client 3.7.3 - (.Tim Kosse.) [HKCU][64Bits] -- FileZilla Client
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}
O42 - Logiciel: JDownloader 0.9 - (.AppWork GmbH.) [HKLM][64Bits] -- 5513-1208-7298-9440
O42 - Logiciel: Java 7 Update 25 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217025FF}
O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] -- League of Legends 3.0.1
O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] -- {3E75652D-99B1-417E-B163-BEF33CAD3F16}
O42 - Logiciel: Logitech SetPoint 6.52 - (.Logitech.) [HKLM][64Bits] -- sp6
O42 - Logiciel: Mises à jour NVIDIA 8.3.14 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update
O42 - Logiciel: Mozilla Firefox 23.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 23.0.1 (x86 fr)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: NVIDIA GeForce Experience 1.6.1 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience
O42 - Logiciel: NVIDIA Logiciel système PhysX 9.13.0604 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}
O42 - Logiciel: NVIDIA Pilote 3D Vision 320.49 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision
O42 - Logiciel: NVIDIA Pilote audio HD : 1.3.24.2 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver
O42 - Logiciel: NVIDIA Pilote du contrôleur 3D Vision 320.49 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB
O42 - Logiciel: NVIDIA Pilote graphique 320.49 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo
O42 - Logiciel: NVIDIA Virtual Audio 1.2.5 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Skype™ 6.3 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: TeamViewer 8 - (.TeamViewer.) [HKLM][64Bits] -- TeamViewer 8
O42 - Logiciel: VLC media player 2.0.8 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: Warcraft III - (.Blizzard Entertainment.) [HKLM][64Bits] -- Warcraft III
O42 - Logiciel: WinRAR 4.20 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: ZebHelpProcess 2013 - (.Nicolas Coolman.) [HKLM][64Bits] -- Zeb Help Process_is1
O42 - Logiciel: eReg - (.Logitech, Inc..) [HKLM][64Bits] -- {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {76FF0F03-B707-4332-B5D1-A56C8303514E}
~ Logic: 83 Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AnvSoft]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Battle.net]
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\Borland]
[HKCU\Software\Bugsplat]
[HKCU\Software\ClassesB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ESET]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Leadertech]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Mine]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Pando Networks]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKCU\Software\Software]
[HKCU\Software\TeamViewer]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\ej-technologies]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Alienware]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Atheros]
[HKLM\Software\Borland]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DTS]
[HKLM\Software\Dolby]
[HKLM\Software\FileZilla 3]
[HKLM\Software\GEAR Software]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\SonicFocus]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node\AGEIA Technologies]
[HKLM\Software\Wow6432Node\AdwCleaner]
[HKLM\Software\Wow6432Node\Apple Computer, Inc.]
[HKLM\Software\Wow6432Node\Apple Inc.]
[HKLM\Software\Wow6432Node\Blizzard Entertainment]
[HKLM\Software\Wow6432Node\Borland]
[HKLM\Software\Wow6432Node\Caphyon]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Eset]
[HKLM\Software\Wow6432Node\FileZilla 3]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\InstallShield]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\Logitech]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\Marvell]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NVIDIA Corporation]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\OldTimer Tools]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Riot Games]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Software]
[HKLM\Software\Wow6432Node\TeamViewer]
[HKLM\Software\Wow6432Node\VideoLAN]
[HKLM\Software\Wow6432Node\WinRAR]
[HKLM\Software\Wow6432Node\ej-technologies]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node]
~ Key Software: 154 Scanned in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/07/2013 - 01:09:04 - [0] ----D C:\Program Files (x86)\AGEIA Technologies
O43 - CFD: 21/07/2013 - 16:29:31 - [105,630] ----D C:\Program Files (x86)\AnvSoft
O43 - CFD: 21/07/2013 - 15:14:37 - [2,316] ----D C:\Program Files (x86)\Apple Software Update
O43 - CFD: 21/07/2013 - 15:13:03 - [0,602] ----D C:\Program Files (x86)\Bonjour
O43 - CFD: 08/09/2013 - 18:38:07 - [157,861] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 08/09/2013 - 18:36:13 - [133,597] ----D C:\Program Files (x86)\ESET
O43 - CFD: 01/09/2013 - 09:19:11 - [17,329] ----D C:\Program Files (x86)\FileZilla FTP Client
O43 - CFD: 07/07/2013 - 01:12:18 - [11,304] ----D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 07/07/2013 - 01:09:12 - [7,752] ----D C:\Program Files (x86)\Intel
O43 - CFD: 18/08/2013 - 22:35:29 - [4,622] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 21/07/2013 - 15:15:16 - [155,998] ----D C:\Program Files (x86)\iTunes
O43 - CFD: 31/08/2013 - 17:26:10 - [122,487] ----D C:\Program Files (x86)\Java
O43 - CFD: 21/07/2013 - 15:17:19 - [191,855] ----D C:\Program Files (x86)\JDownloader
O43 - CFD: 26/07/2012 - 10:12:59 - [0,023] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 18/08/2013 - 19:26:18 - [47,920] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 18/08/2013 - 22:36:27 - [0,215] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 31/08/2013 - 17:11:20 - [141,882] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 13/07/2013 - 17:34:11 - [7,182] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 07/07/2013 - 01:12:22 - [5,910] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 08/09/2013 - 17:15:31 - [18,031] R---D C:\Program Files (x86)\Skype
O43 - CFD: 08/09/2013 - 18:15:15 - [0] ----D C:\Program Files (x86)\Software
O43 - CFD: 13/07/2013 - 15:47:43 - [24,323] ----D C:\Program Files (x86)\TeamViewer
O43 - CFD: 07/07/2013 - 01:11:52 - [0] ----D C:\Program Files (x86)\Temp
O43 - CFD: 01/09/2013 - 17:01:24 - [102,176] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 21/07/2013 - 00:03:07 - [1135,197] ----D C:\Program Files (x86)\Warcraft III
O43 - CFD: 18/08/2013 - 22:35:29 - [1,038] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 26/07/2012 - 12:08:59 - [5,466] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 21/07/2013 - 14:54:48 - [3,494] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 26/07/2012 - 10:13:01 - [0,209] ----D C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 26/07/2012 - 10:12:59 - [7,243] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 21/07/2013 - 14:54:44 - [5,226] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 26/07/2012 - 10:13:01 - [0,209] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 26/07/2012 - 10:12:59 - [0] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 13/07/2013 - 17:36:23 - [4,131] ----D C:\Program Files (x86)\WinRAR
O43 - CFD: 13/09/2013 - 22:43:29 - [125,345] ----D C:\Program Files (x86)\ZebHelpProcess
O43 - CFD: 13/09/2013 - 22:52:17 - [21,761] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 08/09/2013 - 18:31:33 - [6,842] ----D C:\Program Files (x86)\ZHPFix
O43 - CFD: 21/07/2013 - 15:15:06 - [100,035] ----D C:\Program Files (x86)\Common Files\Apple
O43 - CFD: 20/07/2013 - 19:21:23 - [0,980] ----D C:\Program Files (x86)\Common Files\Blizzard Entertainment
O43 - CFD: 08/09/2013 - 18:38:07 - [7,320] ----D C:\Program Files (x86)\Common Files\Borland Shared
O43 - CFD: 07/07/2013 - 01:11:23 - [2,009] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 31/08/2013 - 17:26:15 - [1,189] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 13/07/2013 - 15:52:33 - [0,494] ----D C:\Program Files (x86)\Common Files\LogiShrd
O43 - CFD: 13/07/2013 - 16:03:07 - [34,522] ----D C:\Program Files (x86)\Common Files\Microsoft Shared
O43 - CFD: 26/07/2012 - 10:13:01 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 08/09/2013 - 17:15:30 - [1,904] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 26/07/2012 - 12:08:59 - [9,406] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 21/07/2013 - 15:15:17 - [2,774] ----D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
O43 - CFD: 21/07/2013 - 15:12:58 - [36,874] ----D C:\ProgramData\Apple
O43 - CFD: 21/07/2013 - 15:15:06 - [58,610] ----D C:\ProgramData\Apple Computer
O43 - CFD: 26/07/2012 - 09:22:08 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 08/09/2013 - 17:14:26 - [0,169] ----D C:\ProgramData\BoxUpdChk
O43 - CFD: 07/07/2013 - 00:58:53 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 11/08/2013 - 22:58:19 - [23,871] --H-D C:\ProgramData\CanonBJ
O43 - CFD: 26/07/2012 - 09:22:08 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 26/07/2012 - 09:22:08 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 07/07/2013 - 01:09:21 - [0,014] ----D C:\ProgramData\Intel
O43 - CFD: 13/07/2013 - 15:52:49 - [1,649] ----D C:\ProgramData\Logishrd
O43 - CFD: 13/07/2013 - 19:17:06 - [0,014] ----D C:\ProgramData\Logitech
O43 - CFD: 07/07/2013 - 00:58:53 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 21/07/2013 - 15:02:37 - [690,167] -S--D C:\ProgramData\Microsoft
O43 - CFD: 07/07/2013 - 00:58:53 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 13/07/2013 - 17:26:27 - [0,007] ----D C:\ProgramData\Mozilla
O43 - CFD: 08/09/2013 - 18:13:12 - [81,563] ----D C:\ProgramData\NVIDIA
O43 - CFD: 07/07/2013 - 01:10:55 - [2,157] ----D C:\ProgramData\NVIDIA Corporation
O43 - CFD: 08/09/2013 - 13:02:24 - [0,002] ----D C:\ProgramData\PMB Files =>P2P.Pando
O43 - CFD: 13/07/2013 - 16:04:10 - [0,039] ----D C:\ProgramData\PRICache
O43 - CFD: 26/07/2012 - 12:11:33 - [0,001] ----D C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 08/09/2013 - 17:15:31 - [0,887] ----D C:\ProgramData\Skype
O43 - CFD: 26/07/2012 - 09:22:08 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 31/08/2013 - 17:26:15 - [0,000] ----D C:\ProgramData\Sun
O43 - CFD: 08/09/2013 - 17:20:13 - [0] ----D C:\ProgramData\TEMP
O43 - CFD: 26/07/2012 - 09:22:08 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 07/07/2013 - 01:01:38 - [0] ----D C:\Users\Corentin\AppData\Roaming\Adobe
O43 - CFD: 21/07/2013 - 16:29:46 - [15,251] ----D C:\Users\Corentin\AppData\Roaming\AnvSoft
O43 - CFD: 21/07/2013 - 16:36:19 - [0,917] ----D C:\Users\Corentin\AppData\Roaming\Apple Computer
O43 - CFD: 01/09/2013 - 09:37:50 - [0,019] ----D C:\Users\Corentin\AppData\Roaming\FileZilla
O43 - CFD: 07/07/2013 - 01:08:40 - [0] ----D C:\Users\Corentin\AppData\Roaming\InstallShield
O43 - CFD: 13/07/2013 - 15:52:34 - [0,000] ----D C:\Users\Corentin\AppData\Roaming\Leadertech
O43 - CFD: 13/07/2013 - 15:50:46 - [0,140] ----D C:\Users\Corentin\AppData\Roaming\Logishrd
O43 - CFD: 13/07/2013 - 15:52:48 - [0,031] ----D C:\Users\Corentin\AppData\Roaming\Logitech
O43 - CFD: 13/07/2013 - 19:08:59 - [0,000] ----D C:\Users\Corentin\AppData\Roaming\LolClient
O43 - CFD: 14/07/2013 - 12:15:58 - [0,004] ----D C:\Users\Corentin\AppData\Roaming\LoLPlus
O43 - CFD: 07/07/2013 - 01:04:42 - [0,001] ----D C:\Users\Corentin\AppData\Roaming\Macromedia
O43 - CFD: 13/07/2013 - 17:32:30 - [0,975] -S--D C:\Users\Corentin\AppData\Roaming\Microsoft
O43 - CFD: 13/07/2013 - 17:26:41 - [28,982] ----D C:\Users\Corentin\AppData\Roaming\Mozilla
O43 - CFD: 13/07/2013 - 17:34:02 - [0] ----D C:\Users\Corentin\AppData\Roaming\Riot Games
O43 - CFD: 13/09/2013 - 22:35:15 - [4,573] ----D C:\Users\Corentin\AppData\Roaming\Skype
O43 - CFD: 01/09/2013 - 17:04:15 - [0,077] ----D C:\Users\Corentin\AppData\Roaming\vlc
O43 - CFD: 13/07/2013 - 17:36:48 - [0,000] ----D C:\Users\Corentin\AppData\Roaming\WinRAR
O43 - CFD: 21/07/2013 - 15:14:37 - [0] ----D C:\Users\Corentin\AppData\Local\Apple
O43 - CFD: 21/07/2013 - 15:15:18 - [1,402] ----D C:\Users\Corentin\AppData\Local\Apple Computer
O43 - CFD: 07/07/2013 - 01:01:11 - [0] ----D C:\Users\Corentin\AppData\Local\Application Data
O43 - CFD: 08/09/2013 - 17:13:51 - [1,334] ----D C:\Users\Corentin\AppData\Local\DProtect =>Trojan.Staser
O43 - CFD: 07/07/2013 - 01:01:11 - [0] ----D C:\Users\Corentin\AppData\Local\Historique
O43 - CFD: 13/07/2013 - 17:32:30 - [0] ----D C:\Users\Corentin\AppData\Local\Macromedia
O43 - CFD: 11/08/2013 - 22:58:24 - [121,781] ----D C:\Users\Corentin\AppData\Local\Microsoft
O43 - CFD: 13/07/2013 - 17:26:36 - [27,502] ----D C:\Users\Corentin\AppData\Local\Mozilla
O43 - CFD: 07/07/2013 - 01:12:22 - [0,011] ----D C:\Users\Corentin\AppData\Local\NVIDIA
O43 - CFD: 13/07/2013 - 16:04:10 - [71,139] ----D C:\Users\Corentin\AppData\Local\Packages
O43 - CFD: 08/09/2013 - 17:17:05 - [0,173] ----D C:\Users\Corentin\AppData\Local\PMB Files =>P2P.Pando
O43 - CFD: 21/07/2013 - 15:57:19 - [0] ----D C:\Users\Corentin\AppData\Local\Programs
O43 - CFD: 08/09/2013 - 17:13:51 - [0] ----D C:\Users\Corentin\AppData\Local\Software
O43 - CFD: 13/09/2013 - 22:49:10 - [4,915] ----D C:\Users\Corentin\AppData\Local\Temp
O43 - CFD: 07/07/2013 - 01:01:11 - [0] ----D C:\Users\Corentin\AppData\Local\Temporary Internet Files
O43 - CFD: 20/07/2013 - 19:31:31 - [15,395] ----D C:\Users\Corentin\AppData\Local\VirtualStore
O43 - CFD: 26/07/2012 - 10:13:00 - [0,004] R---D C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 26/07/2012 - 10:13:00 - [0,001] R---D C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 13/07/2013 - 16:04:11 -
[0,000] R---D C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 01/09/2013 - 09:19:11 - [0,002] ----D C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
O43 - CFD: 26/07/2012 - 10:13:00 - [0,000] ----D C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 08/09/2013 - 18:28:13 - [0] R---D C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 26/07/2012 - 10:13:00 - [0,005] R---D C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 13/07/2013 - 17:36:23 - [0,003] ----D C:\Users\Corentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 114 Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
~ Files: 75 Scanned in 00mn 01s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.2E1718BB5FEA011E3E681BB695E00F54] - 08/09/2013 - 15:14:49 ---A- -
C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf O45 - LFCP:[MD5.A90743380ECDF1E913492B9DF919D720] - 08/09/2013 - 15:17:43 ---A- - C:\Windows\Prefetch\LEAGUE OF LEGENDS.EXE-EB1164CD.pf O45 - LFCP:[MD5.6199DCBCA0DDAF2EA06FDA5F97C83E5E] - 08/09/2013 - 15:47:11 ---A- - C:\Windows\Prefetch\PMB.EXE-3F581971.pf O45 - LFCP:[MD5.FBD4984206208878EA127CA29AF50E33] - 08/09/2013 - 16:00:55 ---A- - C:\Windows\Prefetch\CALC.EXE-77FDF17F.pf O45 - LFCP:[MD5.74A61D7F6217E6A2E414C0835D38BBD7] - 08/09/2013 - 16:13:09 ---A- - C:\Windows\Prefetch\SKYPE_SETUP.EXE-98EAD382.pf O45 - LFCP:[MD5.400820C37CBFE0222BC59FB7FF019C73] - 08/09/2013 - 16:13:37 ---A- - C:\Windows\Prefetch\ADKS_AR_QVO6.EXE-8FC15123.pf =>Hijacker.Qvo6 O45 - LFCP:[MD5.66C1CA964940CCDAA0B01DD2A73430BC] - 08/09/2013 - 16:13:39 ---A- - C:\Windows\Prefetch\TASKKILL.EXE-E0105477.pf O45 - LFCP:[MD5.058973C62B48A207FD45D76573920F3D] - 08/09/2013 - 16:13:41 ---A- - C:\Windows\Prefetch\DPROTECT.EXE-43DF62DF.pf =>Trojan.Staser O45 - LFCP:[MD5.A1951FB5FB870889291E9D165DD1753E] - 08/09/2013 - 16:13:41 ---A- - C:\Windows\Prefetch\DPUNINSTALL.EXE-FE35656C.pf O45 - LFCP:[MD5.CBB04195EEF13ADA919FA052AECE2239] - 08/09/2013 - 16:13:41 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-6846E902.pf O45 - LFCP:[MD5.B63A0C88CD7969E4369A78031DA3C353] - 08/09/2013 - 16:13:45 ---A- - C:\Windows\Prefetch\EXQ.EXE-B5493A04.pf O45 - LFCP:[MD5.16AB7061C3B81BB5546219BE67F93CC6] - 08/09/2013 - 16:13:51 ---A- - C:\Windows\Prefetch\DPROTECTSVC.EXE-BB1ED493.pf =>Trojan.Staser O45 - LFCP:[MD5.C0ABB03A3BBF571B6627A0D6926BE603] - 08/09/2013 - 16:14:00 ---A- - C:\Windows\Prefetch\OBBOXORE.EXE-13E21633.pf =>Adware.Boxore O45 - LFCP:[MD5.43743D8CC6A5E6428F8F32D0CEAC29AB] - 08/09/2013 - 16:14:01 ---A- - C:\Windows\Prefetch\BOXOREINSTALLER.EXE-59FCD204.pf =>Adware.Boxore O45 - LFCP:[MD5.043FF1D48BBB1C98B980A78762024057] - 08/09/2013 - 16:14:01 ---A- - C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-36A9CD89.pf O45 - LFCP:[MD5.AD8C01F9092BB472E0407668D0F78E27] - 08/09/2013 - 16:14:36 
---A- - C:\Windows\Prefetch\BOXORE.EXE-BCDE0609.pf =>Adware.Boxore O45 - LFCP:[MD5.096A996933E6B607A322507D0CB9F3F7] - 08/09/2013 - 16:15:08 ---A- - C:\Windows\Prefetch\OPTIMIZERPRODYNAMIC.EXE-2CED5428.pf =>PUP.OptimizerPro O45 - LFCP:[MD5.2947E2097C70C7ECA119D8ABF853A071] - 08/09/2013 - 16:15:08 ---A- - C:\Windows\Prefetch\OPTIMIZER_PRO.EXE-DC666072.pf =>PUP.OptimizerPro O45 - LFCP:[MD5.834F8AB427ACAA495875041CA4932477] - 08/09/2013 - 16:15:08 ---A- - C:\Windows\Prefetch\OPTIMIZER_PRO.TMP-4F43C0A6.pf =>PUP.OptimizerPro O45 - LFCP:[MD5.D1915371D6CECD0F26E8C3FF5B7D1DCC] - 08/09/2013 - 16:15:16 ---A- - C:\Windows\Prefetch\OPTPROSTART.EXE-9FA07807.pf O45 - LFCP:[MD5.8D16A0D36B7C5ABC1020FB25B08AD5A9] - 08/09/2013 - 16:15:31 ---A- - C:\Windows\Prefetch\ATTRIB.EXE-73917FEA.pf O45 - LFCP:[MD5.F98791C1A3282627067657D4E631FB5A] - 08/09/2013 - 16:18:18 ---A- - C:\Windows\Prefetch\SKYPESETUP.EXE-0FBB04B4.pf O45 - LFCP:[MD5.31A3E6708D14767EE3AF5458EA169252] - 08/09/2013 - 16:20:16 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-507507D1.pf =>PUP.OptimizerPro O45 - LFCP:[MD5.50A681A6EF106D905AF334C26CAB7157] - 08/09/2013 - 16:37:02 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-5AEC1539.pf O45 - LFCP:[MD5.1D30149EC325410E1B75314B21626B5C] - 08/09/2013 - 16:38:32 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-6069CEA4.pf O45 - LFCP:[MD5.D05332ABD19FC9F24A1AA0CF65CD52C6] - 08/09/2013 - 16:39:41 ---A- - C:\Windows\Prefetch\WWAHOST.EXE-1DB0146E.pf O45 - LFCP:[MD5.20D004A4B26689EDAD12E6CF5457E7FC] - 08/09/2013 - 16:39:42 ---A- - C:\Windows\Prefetch\LIVECOMM.EXE-024E77D2.pf O45 - LFCP:[MD5.6F5AF3E73B8F3AD7B06FF64F7C233FB2] - 08/09/2013 - 16:39:47 ---A- - C:\Windows\Prefetch\BACKGROUNDTRANSFERHOST.EXE-B8A3C404.pf O45 - LFCP:[MD5.1D84092BAD50BC76429D0A318A206A8B] - 08/09/2013 - 16:40:37 ---A- - C:\Windows\Prefetch\UNINS000.EXE-AE20BED6.pf O45 - LFCP:[MD5.47E892C92A40E42479065DAB17284058] - 08/09/2013 - 16:40:37 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-93E5A4EC.pf O45 - 
LFCP:[MD5.6AB0C05E710D8A5DED127320E8825C88] - 08/09/2013 - 16:40:38 ---A- - C:\Windows\Prefetch\OPTPROUNINSTALLER.EXE-1E1BD2DE.pf O45 - LFCP:[MD5.58B9E8BF35CB9B2582F520672F73ED45] - 08/09/2013 - 16:47:46 ---A- - C:\Windows\Prefetch\Op-EXPLORER.EXE-A80E4F97-000000F5.pf O45 - LFCP:[MD5.5B70C8DA0B2A4B3F8DEA92A56788C7FE] - 08/09/2013 - 16:48:06 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-93F5DEC9.pf O45 - LFCP:[MD5.07279487581A3E51E762E1D8134EE9AA] - 08/09/2013 - 16:48:11 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-97F6A314.pf O45 - LFCP:[MD5.9CBD62D4AFC0F0349E6709135BECAB10] - 08/09/2013 - 16:49:41 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-E09A077A.pf O45 - LFCP:[MD5.B517E0CF2B8ED5C10B8E6734A77A309E] - 08/09/2013 - 16:50:21 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-CF0EC82C.pf O45 - LFCP:[MD5.D15DB3FB1D85C66A1344FCE1638A7A52] - 08/09/2013 - 17:04:16 ---A- - C:\Windows\Prefetch\DELFIX.EXE-73F593BA.pf O45 - LFCP:[MD5.964ACA310226939897E9B7F6090E4E0F] - 08/09/2013 - 17:04:34 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf O45 - LFCP:[MD5.188197664F26B3DA520964862B4EA205] - 08/09/2013 - 17:04:39 ---A- - C:\Windows\Prefetch\SRTASKS.EXE-4F77756F.pf O45 - LFCP:[MD5.311E9C1B558E5533702A73318769C9B5] - 08/09/2013 - 17:06:03 ---A- - C:\Windows\Prefetch\TFC.EXE-7E6E3C07.pf O45 - LFCP:[MD5.A64A689B73903385E768D5168B28DAB4] - 08/09/2013 - 17:12:06 ---A- - C:\Windows\Prefetch\ADWCLEANER.EXE-535E0104.pf O45 - LFCP:[MD5.C4D23EF2DC4795603EB55DE071F97C54] - 08/09/2013 - 17:12:22 ---A- - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf O45 - LFCP:[MD5.A1B356CC1DC24EAE333F566D4EF723B8] - 08/09/2013 - 17:12:22 ---A- - C:\Windows\Prefetch\REG.EXE-E7E8BD26.pf O45 - LFCP:[MD5.321D104F6C772D46E5FA30F7195A693E] - 08/09/2013 - 17:12:33 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin O45 - LFCP:[MD5.8CFC1CA647ACE57A87860CA7B86AAD2A] - 08/09/2013 - 17:13:53 ---A- - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf O45 - LFCP:[MD5.13AEA221F1B86F53395E72C7EADB07E9] - 08/09/2013 - 17:13:53 ---A- - 
C:\Windows\Prefetch\DLLHOST.EXE-61F58501.pf O45 - LFCP:[MD5.6E1633F5309E17E6F50A287E014AB720] - 08/09/2013 - 17:13:53 ---A- - C:\Windows\Prefetch\MSMPENG.EXE-B2139669.pf O45 - LFCP:[MD5.6019181C396F5A82711AA8106DA77584] - 08/09/2013 - 17:13:53 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C775D18D.pf O45 - LFCP:[MD5.E3F7EA9054B8084CF61DE6684F20F160] - 08/09/2013 - 17:15:14 ---A- - C:\Windows\Prefetch\SOFTWARECRASHHANDLER.EXE-6BA116FA.pf O45 - LFCP:[MD5.C4ECA2E0D4EDE0FA7CD6C578F05144FD] - 08/09/2013 - 17:15:14 ---A- - C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-C9D94961.pf O45 - LFCP:[MD5.7D2FCA7C610E259A186B1E311D9F1770] - 08/09/2013 - 17:15:24 ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf O45 - LFCP:[MD5.99ED37C02D9D0DFE743172BFB1E7059C] - 08/09/2013 - 17:16:28 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-4D53D1C2.pf O45 - LFCP:[MD5.28FE7C9D312BC65508E4422D67660AA3] - 08/09/2013 - 17:16:30 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-731A77D2.pf O45 - LFCP:[MD5.CFF66A6524A1590A27754BDE98248E94] - 08/09/2013 - 17:22:03 ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-03FFF510.pf O45 - LFCP:[MD5.9B6BEB6470B5D4FEB7EE45CEB0616B16] - 08/09/2013 - 17:22:13 ---A- - C:\Windows\Prefetch\ZHPFIX.EXE-32786FC2.pf O45 - LFCP:[MD5.1064D56658B98178493F747FFE207F20] - 08/09/2013 - 17:25:49 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-ECB71776.pf O45 - LFCP:[MD5.30B67DFF88AB90EA1E18BC69BD10F4AB] - 08/09/2013 - 17:26:00 ---A- - C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-216D9C35.pf O45 - LFCP:[MD5.89EFC75FA3AC887B4881DB3D2EE96E27] - 08/09/2013 - 17:31:26 ---A- - C:\Windows\Prefetch\ZHPFIX.TMP-0F6DA316.pf O45 - LFCP:[MD5.77EFF3CA0639F7EB1A922C42DF003515] - 08/09/2013 - 17:31:27 ---A- - C:\Windows\Prefetch\ZHPFIX.EXE-215AA59B.pf O45 - LFCP:[MD5.5B3BE128AFD50D25A293319D27BD4C75] - 08/09/2013 - 17:31:27 ---A- - C:\Windows\Prefetch\ZHPFIX.TMP-E8A04593.pf O45 - LFCP:[MD5.17D65947C9B58BEDACAD03A297E62C4D] - 08/09/2013 - 17:36:16 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf O45 - 
LFCP:[MD5.120D03B6BF2907C038F268611005FFB2] - 08/09/2013 - 17:36:17 ---A- - C:\Windows\Prefetch\ESETSMARTINSTALLER_FRA.EXE-570F903C.pf O45 - LFCP:[MD5.DE85B52FA2D6BF115BFA8AABCEA77D11] - 08/09/2013 - 17:36:26 ---A- - C:\Windows\Prefetch\ONLINESCANNERAPP.EXE-B2412F9A.pf O45 - LFCP:[MD5.DB83FC0E17ED50CF39DF391CB9C0C38E] - 08/09/2013 - 17:36:34 ---A- - C:\Windows\Prefetch\ONLINECMDLINESCANNER.EXE-495F0529.pf O45 - LFCP:[MD5.2FD903B0017F2D6A5938475A038AB599] - 08/09/2013 - 17:38:00 ---A- - C:\Windows\Prefetch\ZHP 2013.TMP-69B008B4.pf O45 - LFCP:[MD5.06F6C25EB46E8D4FB19806F830E96A8D] - 08/09/2013 - 17:38:01 ---A- - C:\Windows\Prefetch\ZHP 2013.TMP-EAA25A5A.pf O45 - LFCP:[MD5.3BF9BEF4A5FB587E8E93BD31F31AE714] - 08/09/2013 - 17:38:03 ---A- - C:\Windows\Prefetch\ZHP 2013.TMP-2D4765B2.pf O45 - LFCP:[MD5.E924DED14063ADFCE1DF73C9CD937801] - 08/09/2013 - 17:38:03 ---A- - C:\Windows\Prefetch\ZHP 2013.TMP-D03E216F.pf O45 - LFCP:[MD5.64A19A9EBD598C16761C0B42B08D4959] - 08/09/2013 - 17:38:04 ---A- - C:\Windows\Prefetch\ZHP 2013.EXE-6BD59506.pf O45 - LFCP:[MD5.56B337E9B54249BB3084C1A08AE8B3EF] - 08/09/2013 - 17:38:08 ---A- - C:\Windows\Prefetch\ADDALIAS.EXE-85B15A09.pf O45 - LFCP:[MD5.509EC547DBC9C3ABCF2606535E6E04EA] - 08/09/2013 - 17:38:08 ---A- - C:\Windows\Prefetch\MINIREG.EXE-31579149.pf O45 - LFCP:[MD5.7C20968707F4FC3FE49DE75FD7CE5F1F] - 08/09/2013 - 17:44:29 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf O45 - LFCP:[MD5.57F31F14CA967CB7724C0128A545B275] - 08/09/2013 - 17:45:45 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf O45 - LFCP:[MD5.043865CF645E4083287BAEEF53168CF0] - 08/09/2013 - 17:45:46 ---A- - C:\Windows\Prefetch\TFC.EXE-5AD6573A.pf O45 - LFCP:[MD5.E3544880132EC494B14DFFDFC8D31D40] - 08/09/2013 - 17:48:21 ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-6862BD29.pf O45 - LFCP:[MD5.7B1E99C30BB2AD73C6F3EF335F934B17] - 08/09/2013 - 17:48:31 ---A- - C:\Windows\Prefetch\ZHPFIX.EXE-96DB37DB.pf O45 - LFCP:[MD5.2CD07514D5CA03558F173E3BDAB223AA] - 08/09/2013 - 17:48:36 
---A- - C:\Windows\Prefetch\REG.EXE-4978446A.pf O45 - LFCP:[MD5.458BDA56002B40893771A00DF05D4D27] - 08/09/2013 - 17:48:36 ---A- - C:\Windows\Prefetch\REGEDIT.EXE-2023FAA8.pf O45 - LFCP:[MD5.A8E17B57FE67B8B0A4D345BAE58581C7] - 08/09/2013 - 17:48:36 ---A- - C:\Windows\Prefetch\SUBINACL.EXE-5138AB0B.pf O45 - LFCP:[MD5.CBD3FAEE891B6E79D338B3E9035E1119] - 08/09/2013 - 17:48:41 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf O45 - LFCP:[MD5.C8CD6D32F0A68922FC13251A06A461CB] - 08/09/2013 - 17:48:46 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf O45 - LFCP:[MD5.054EFEE02905E744400B9EB93027D23E] - 08/09/2013 - 17:50:16 ---A- - C:\Windows\Prefetch\SMSS.EXE-E9C28FC6.pf O45 - LFCP:[MD5.25E0C3CDD0D4258E02A7E6DABC886662] - 13/09/2013 - 21:34:26 ---A- - C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf O45 - LFCP:[MD5.0A01C52BA17842618752F1831CA8FE0C] - 13/09/2013 - 21:34:28 ---A- - C:\Windows\Prefetch\CSRSS.EXE-3FE41F7E.pf O45 - LFCP:[MD5.C3EF29AB5301D3309DC63B0DCB0AD792] - 13/09/2013 - 21:34:28 ---A- - C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf O45 - LFCP:[MD5.CBA1FCCFC271C8999B42EDC689D50085] - 13/09/2013 - 21:34:28 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf O45 - LFCP:[MD5.0A96575BB873161046B09E63F1EF8770] - 13/09/2013 - 21:34:31 ---A- - C:\Windows\Prefetch\NVVSVC.EXE-0B2AA3F6.pf O45 - LFCP:[MD5.ABA2F40924217E75B66D634E54B7E91E] - 13/09/2013 - 21:34:31 ---A- - C:\Windows\Prefetch\NVXDSYNC.EXE-EE6F7768.pf O45 - LFCP:[MD5.3669820DB8FC7741D00B267956368A7F] - 13/09/2013 - 21:34:38 ---A- - C:\Windows\Prefetch\NVSTREAMSVC.EXE-5E19636C.pf O45 - LFCP:[MD5.22BA50394CA8D602F8C754230702A3B9] - 13/09/2013 - 21:34:38 ---A- - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf O45 - LFCP:[MD5.B34A5366287465485AE707A288E2B7E9] - 13/09/2013 - 21:34:42 ---A- - C:\Windows\Prefetch\LDCONFIG.EXE-FBD6EA52.pf O45 - LFCP:[MD5.CCF32E8563D540988D998C0B81E529AB] - 13/09/2013 - 21:34:43 ---A- - C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf O45 - LFCP:[MD5.09323672450707F946F2F86590BFB90E] - 13/09/2013 - 
21:34:48 ---A- - C:\Windows\Prefetch\RUNTIMEBROKER.EXE-72C0C855.pf O45 - LFCP:[MD5.62E7E7388EF20472D9F52341D0E30981] - 13/09/2013 - 21:34:51 ---A- - C:\Windows\Prefetch\NVTMRU.EXE-231A7003.pf O45 - LFCP:[MD5.D1E641FCAD7B55453D97FD4BA68643BE] - 13/09/2013 - 21:34:51 ---A- - C:\Windows\Prefetch\RTKNGUI64.EXE-211AE6DF.pf O45 - LFCP:[MD5.E3026C50C6454032C4BFA3FA4D6445B8] - 13/09/2013 - 21:34:52 ---A- - C:\Windows\Prefetch\KHALMNPR.EXE-EDA7D0AE.pf O45 - LFCP:[MD5.4C447B4EAD394FF4ED19C854E87F4153] - 13/09/2013 - 21:34:52 ---A- - C:\Windows\Prefetch\RAVBG64.EXE-44375395.pf O45 - LFCP:[MD5.7D0723E02D59D10E5A7F0407D0915DE1] - 13/09/2013 - 21:34:52 ---A- - C:\Windows\Prefetch\SETPOINT.EXE-3D9C2601.pf O45 - LFCP:[MD5.CDC4A1E1F18C6166A4BAC912F1C1A1B3] - 13/09/2013 - 21:34:53 ---A- - C:\Windows\Prefetch\SKYPE.EXE-E71BF59F.pf O45 - LFCP:[MD5.3FDEBD7C1D9E387FE0C2678B1CE8DA3C] - 13/09/2013 - 21:34:54 ---A- - C:\Windows\Prefetch\UPDATER.EXE-EA1310CB.pf O45 - LFCP:[MD5.00E528FFDA255D73611688781DE5BDEF] - 13/09/2013 - 21:35:02 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf O45 - LFCP:[MD5.58EF8EFAB772058D1DC8247A5E4BA928] - 13/09/2013 - 21:35:05 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-905A63CB.pf O45 - LFCP:[MD5.2391EAA67D30F2A159E5446D04BC298C] - 13/09/2013 - 21:35:06 ---A- - C:\Windows\Prefetch\LOGITECHUPDATE.EXE-818C3E13.pf O45 - LFCP:[MD5.D7C564CCB81E062A92739D1D680BEB82] - 13/09/2013 - 21:35:06 ---A- - C:\Windows\Prefetch\LULNCHR.EXE-09AE86D9.pf O45 - LFCP:[MD5.4B6DA1132E51302A536666AEAC485D97] - 13/09/2013 - 21:35:22 ---A- - C:\Windows\Prefetch\DBINSTALLER.EXE-98909D52.pf O45 - LFCP:[MD5.C3217890FE2211F0954F059D4E1100F7] - 13/09/2013 - 21:35:22 ---A- - C:\Windows\Prefetch\DRSUPDATE.15912677_RUNASUSER.-79AC8103.pf O45 - LFCP:[MD5.0DD72BC38400E19F7C1F1CB37BF88C05] - 13/09/2013 - 21:35:28 ---A- - C:\Windows\Prefetch\COMUPDATUS.EXE-8D36D2F0.pf O45 - LFCP:[MD5.A8B298056718088943A00D2EEF67FD49] - 13/09/2013 - 21:35:38 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf O45 - 
LFCP:[MD5.1D12168A3F84765F7D79D014B7BAD372] - 13/09/2013 - 21:36:12 ---A- - C:\Windows\Prefetch\DAO.16851624.EXE-61ACB1F3.pf O45 - LFCP:[MD5.11EDF1AB1742FB712CD3CDF36218442E] - 13/09/2013 - 21:37:13 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-18ACFCFF.pf O45 - LFCP:[MD5.005EB4EA4673702C958E3D23406FAD0F] - 13/09/2013 - 21:39:47 ---A- - C:\Windows\Prefetch\JAVA.EXE-07FE5A9A.pf O45 - LFCP:[MD5.765207F8381DBE1E2E75F35E8183264B] - 13/09/2013 - 21:40:26 ---A- - C:\Windows\Prefetch\TASKHOSTEX.EXE-280CA476.pf O45 - LFCP:[MD5.A85C80F5FC11E9F38562DA27C8EF33CC] - 13/09/2013 - 21:41:35 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf O45 - LFCP:[MD5.B7B64EC83E6C9FBDDBA1C2B639135363] - 13/09/2013 - 21:41:48 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf O45 - LFCP:[MD5.8F022E9B820347BD4C5FE2D5AF97C98B] - 13/09/2013 - 21:41:48 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-829F2D51.pf O45 - LFCP:[MD5.90C94BCB0BF548A82E10222E7DADD15B] - 13/09/2013 - 21:41:48 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-D9D92154.pf O45 - LFCP:[MD5.85797424DAB6C5B9813D50F9C17795EB] - 13/09/2013 - 21:42:19 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C39362D4.pf O45 - LFCP:[MD5.2F9928B19C99310495EA9B4E1BBA58EB] - 13/09/2013 - 21:42:22 ---A- - C:\Windows\Prefetch\THUMBNAILEXTRACTIONHOST.EXE-D9F4EA67.pf O45 - LFCP:[MD5.EDDF2E211D274EB3648528F3D854C8D8] - 13/09/2013 - 21:43:15 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-98CC1EB2.pf O45 - LFCP:[MD5.CC5F7B115BD433FDACE3912AA3B85738] - 13/09/2013 - 21:43:16 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-34EB4043.pf O45 - LFCP:[MD5.3DFE7EE026F61591051BEF97F0B98F63] - 13/09/2013 - 21:43:16 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-DCD458BE.pf O45 - LFCP:[MD5.470CD349041A643FA8408A24676193D5] - 13/09/2013 - 21:43:26 ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-6E0B8A49.pf O45 - LFCP:[MD5.1116D088F5D944AA42C0882FB8B01E16] - 13/09/2013 - 21:43:36 ---A- - C:\Windows\Prefetch\ZHP2.EXE-B86E8D5A.pf O45 - LFCP:[MD5.A611A640F6FA72F00AEB59D9B739D45E] - 13/09/2013 - 21:44:33 ---A- - 
C:\Windows\Prefetch\MPCMDRUN.EXE-F401FBB4.pf O45 - LFCP:[MD5.A766AFF40148877898A27C126F5C3421] - 13/09/2013 - 21:45:04 ---A- - C:\Windows\Prefetch\TIWORKER.EXE-7368598D.pf O45 - LFCP:[MD5.CEE2A5118E7B0FFAC7FC0EF987A39DD6] - 13/09/2013 - 21:45:04 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf O45 - LFCP:[MD5.2FF947D4B820CAE7DAC3AF1575CC6A64] - 13/09/2013 - 21:45:21 ---A- - C:\Windows\Prefetch\MPSIGSTUB.EXE-6CB27A06.pf O45 - LFCP:[MD5.0F86E58E54D18D61F850C77ABE1B1824] - 13/09/2013 - 21:45:22 ---A- - C:\Windows\Prefetch\AM_DELTA.EXE-B7261F63.pf O45 - LFCP:[MD5.2912B0A9921FBD7324A63C9F4C5BCC44] - 13/09/2013 - 21:45:23 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf O45 - LFCP:[MD5.5670207918575B05B61FDD622D9E09C2] - 13/09/2013 - 21:45:50 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-CC5C42C1.pf O45 - LFCP:[MD5.F0B6B47A357B07502AA19AE2982AE5B1] - 13/09/2013 - 21:46:29 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-3AE259FC.pf O45 - LFCP:[MD5.38FE0C8943FC1D5C383134EB38A230F4] - 13/09/2013 - 21:46:34 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf O45 - LFCP:[MD5.00C03A3AD287580541E8B1275585E4FF] - 13/09/2013 - 21:46:34 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-6768A320.pf O45 - LFCP:[MD5.D8FD4D86300BAA4DAE7A26E66C5C65F6] - 13/09/2013 - 21:46:44 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf O45 - LFCP:[MD5.948D83FA3FE09705195337415428DE2C] - 13/09/2013 - 21:47:03 ---A- - C:\Windows\Prefetch\LADS.EXE-046BC4A8.pf O45 - LFCP:[MD5.867A11BC020184CABADFA1F56C50AD45] - 13/09/2013 - 21:47:21 ---A- - C:\Windows\Prefetch\NSLOOKUP.EXE-8DBC12C3.pf O45 - LFCP:[MD5.F144E49434E1F0CBE4E0413073B9B3AE] - 13/09/2013 - 21:47:25 ---A- - C:\Windows\Prefetch\MBRCHECK.EXE-2CA9EB2F.pf O45 - LFCP:[MD5.366BCCBFA5A3D9446F07AABF337E6910] - 13/09/2013 - 21:47:46 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-1605FA5B.pf O45 - LFCP:[MD5.8858EFED0D51FFDFD97104271A4F1A6E] - 13/09/2013 - 21:49:19 ---A- - C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_8_800_94-5FD421D3.pf O45 - 
LFCP:[MD5.A2412D9F4DAF7B097CDCF6A4E3DE0A7A] - 13/09/2013 - 21:49:19 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-F1B02F03.pf O45 - LFCP:[MD5.722B63C1D168F5F1C20B3981720C84E1] - 13/09/2013 - 21:49:48 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf O45 - LFCP:[MD5.B21818FA04E8E3628A517F8642F55BEB] - 13/09/2013 - 21:49:50 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf O45 - LFCP:[MD5.700C1E42FC665A55DA93050A84E02D04] - 13/09/2013 - 21:49:55 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf O45 - LFCP:[MD5.86F1A09CC85B773360D0BC7C0066DA50] - 13/09/2013 - 21:50:14 ---A- - C:\Windows\Prefetch\OPENWITH.EXE-5C93E816.pf O45 - LFCP:[MD5.9FBE156515A4069C7E179B9C1286170C] - 13/09/2013 - 21:50:36 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf O45 - LFCP:[MD5.EC48D6B3135B718A61C55E3F9306BB8B] - 13/09/2013 - 21:51:55 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf O45 - LFCP:[MD5.1C868E1A0FDC4F3282FF310B7FA404EB] - 13/09/2013 - 21:52:01 ---A- - C:\Windows\Prefetch\NVTRAY.EXE-DB83881B.pf O45 - LFCP:[MD5.1513A494177AD0C944DB9C36A80BBD89] - 13/09/2013 - 21:52:02 ---A- - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf O45 - LFCP:[MD5.EB53BA871CAF696C783EA5562AB0AB1E] - 13/09/2013 - 21:52:02 ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-EBD3B8D7.pf O45 - LFCP:[MD5.E15BA0B21A28096690AC5463C0283E62] - 13/09/2013 - 21:52:06 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf O45 - LFCP:[MD5.5DE0EDDD0F61D8A3F5007C8DB6698790] - 13/09/2013 - 21:52:12 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-0D117CAF.pf O45 - LFCP:[MD5.335CCB8CA679B0A5BE717CC73C7854B6] - 13/09/2013 - 21:52:15 ---A- - C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf O45 - LFCP:[MD5.BB1FC815456DA0D29AB3E8F0E36B2190] - 13/09/2013 - 21:52:15 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf O45 - LFCP:[MD5.CB53F8369CA743D27110B4B15CC36EF6] - 13/09/2013 - 21:52:15 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-0FB3F22C.pf O45 - LFCP:[MD5.62EDF0702C15E982247A1F6D5445B8E8] - 13/09/2013 - 21:52:17 ---A- - 
C:\Windows\Prefetch\PV.EXE-34B75B82.pf O45 - LFCP:[MD5.A50E577FEB3A26F64AA5CFB76A2D8AAA] - 13/09/2013 - 21:52:17 ---A- - C:\Windows\Prefetch\SUBINACL.EXE-AB0CE9D9.pf O45 - LFCP:[MD5.FB36AC559D36C47C5803530426EB15A9] - 13/09/2013 - 21:52:20 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf O45 - LFCP:[MD5.7272F31F3A6BE949A1AE073BF23C9847] - 18/08/2013 - 17:42:08 ---A- - C:\Windows\Prefetch\DAO.16661196.EXE-7CC7EB28.pf O45 - LFCP:[MD5.7207FA618E5627CD2C384EEB870F1E8D] - 18/08/2013 - 18:26:01 ---A- - C:\Windows\Prefetch\UPDATER.EXE-55F63489.pf O45 - LFCP:[MD5.229F747E90F3A9F9A2DB4FD73B8D5E9B] - 18/08/2013 - 18:26:10 ---A- - C:\Windows\Prefetch\UPDATER.EXE-AD44FE5A.pf O45 - LFCP:[MD5.4913368BC98A5DC7C2209EBFA8942E2A] - 18/08/2013 - 19:55:07 ---A- - C:\Windows\Prefetch\MRTSTUB.EXE-469D9074.pf O45 - LFCP:[MD5.A0D96F906898BA08DB04A1E3AE4FCFA6] - 18/08/2013 - 19:55:09 ---A- - C:\Windows\Prefetch\MRT.EXE-851529F7.pf O45 - LFCP:[MD5.5AFB9961552E4616D1A460FE1E4FE436] - 18/08/2013 - 19:55:15 ---A- - C:\Windows\Prefetch\WINDOWS-KB890830-X64-V5.3-DEL-8DEF4228.pf O45 - LFCP:[MD5.438129111177FD4AC1DA0136F39D89A5] - 18/08/2013 - 21:36:45 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf O45 - LFCP:[MD5.D90D97E1EFC4E81C1F1F7B90DCA20361] - 19/08/2013 - 11:10:53 ---A- - C:\Windows\Prefetch\NGEN.EXE-EC3F9239.pf O45 - LFCP:[MD5.5821B72D59B099417C10077BD49C553B] - 19/08/2013 - 13:07:40 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-37549B7E.pf O45 - LFCP:[MD5.FAA5EFE4AF041451A9DD227249A765DB] - 19/08/2013 - 13:16:59 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-288E383B.pf O45 - LFCP:[MD5.5BC69994EC2FB2432129C3657128D2FF] - 19/08/2013 - 15:05:22 ---A- - C:\Windows\Prefetch\LOLCLIENT.EXE-9F0F8CE6.pf O45 - LFCP:[MD5.9A7CAFCF4882EB19534FCAFAD5282E29] - 19/08/2013 - 15:05:41 ---A- - C:\Windows\Prefetch\AM_DELTA_PATCH_1.155.2524.0.E-EDE51AB8.pf O45 - LFCP:[MD5.3BA7A9FC0F0FD38946C7D220EFCC7265] - 19/08/2013 - 15:12:11 ---A- - C:\Windows\Prefetch\LEAGUE OF LEGENDS.EXE-385C89C3.pf O45 - 
LFCP:[MD5.BB0D0F484B523FE775566F150F57140F] - 31/08/2013 - 15:56:45 ---A- - C:\Windows\Prefetch\DAO.16768054.EXE-B71FFBB0.pf O45 - LFCP:[MD5.95431A094747A28A392B6FD19FC81156] - 31/08/2013 - 16:05:42 ---A- - C:\Windows\Prefetch\AM_ENGINE_PATCH1.EXE-8DA43CB7.pf O45 - LFCP:[MD5.B08A61EF73415688EF0791D11CDC7BE3] - 31/08/2013 - 16:05:43 ---A- - C:\Windows\Prefetch\AM_BASE_PATCH1.EXE-FC84E7C0.pf O45 - LFCP:[MD5.E78A89B3FFA3ED768162BFDAD3560D21] - 31/08/2013 - 16:11:02 ---A- - C:\Windows\Prefetch\7Z.EXE-0296DFF7.pf O45 - LFCP:[MD5.918AE99B652F8A8B66BAD470285E954A] - 31/08/2013 - 16:11:11 ---A- - C:\Windows\Prefetch\SETUP.EXE-398E90B2.pf O45 - LFCP:[MD5.EB202D59239812787D7CA34B199FC804] - 31/08/2013 - 16:11:20 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-BF304ED2.pf O45 - LFCP:[MD5.F94D977C76B1C4367D195E0F967F19CE] - 31/08/2013 - 16:11:20 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F19F1763.pf O45 - LFCP:[MD5.16558785503F9450D1B9555FDB985B80] - 31/08/2013 - 16:11:25 ---A- - C:\Windows\Prefetch\DAEMONU.EXE-79EAD54C.pf O45 - LFCP:[MD5.324EA34D9BC3EAB6C91D26DE104E0ABC] - 31/08/2013 - 16:11:30 ---A- - C:\Windows\Prefetch\GFEXPERIENCE.EXE-03B6FA83.pf O45 - LFCP:[MD5.9FD854037E303A96F8B2D851A75280BD] - 31/08/2013 - 16:25:50 ---A- - C:\Windows\Prefetch\JXPIINSTALL.EXE-09471DD8.pf O45 - LFCP:[MD5.C0D79027A17387BDAC0FE49522C52FB7] - 31/08/2013 - 16:26:10 ---A- - C:\Windows\Prefetch\MSI592.TMP-6750C483.pf O45 - LFCP:[MD5.239497D9DC96843048505D62DCF17BAF] - 31/08/2013 - 16:26:14 ---A- - C:\Windows\Prefetch\UNPACK200.EXE-61EADE44.pf O45 - LFCP:[MD5.49D28C397B45EAB4AA677AA6682FF05E] - 31/08/2013 - 16:26:15 ---A- - C:\Windows\Prefetch\JAUREG.EXE-2358F266.pf O45 - LFCP:[MD5.6C0C33A52C0DF9C6856F761F41D54882] - 31/08/2013 - 16:29:10 ---A- - C:\Windows\Prefetch\JP2LAUNCHER.EXE-6240744E.pf O45 - LFCP:[MD5.5A1E2380B0B9A1625D81FF3ADE404CA2] - 31/08/2013 - 17:10:16 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf ~ Prefetcher: 245 Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) 
(O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Fournisseur de sécurité TLS/SSL.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Live Security Package.) -- C:\Windows\System32\livessp.dll ~ LSA: 9 Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) 
-- C:\Windows\System32\Drivers\dxgkrnl.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) 
-- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys ~ CSB: 17 Scanned in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{c78e71df-0845-11e3-be72-f46d04978f9e}\AutoRun\command. (...) -- E:\WD SmartWare.exe (.not file.) O51 - MPSK:{c78e72cb-0845-11e3-be72-f46d04978f9e}\AutoRun\command. (...) -- F:\HTC_Sync_Manager_PC.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm ~ TDSD: 2 Scanned in 00mn 00s ---\\ Enumération des clés de registre SecurityProviders (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) 
-- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableCursorSuppression"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
~ MWPE Keys: 3 Scanned in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26/07/2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
~ Drivers: 17 Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 13/09/2013 - 06:17:12 ---A- . (.Nicolas Coolman.)
-- C:\Users\Corentin\Downloads\ZHPDiag2.exe [5143776]
O61 - LFC: 13/09/2013 - 21:34:28 ---A- . (...) -- C:\Users\Corentin\AppData\Local\DProtect\log\DProtectSvc.LOG [8092] =>Trojan.Staser
O61 - LFC: 13/09/2013 - 21:34:38 ----- . (...) -- C:\Users\Corentin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm.etl [131072]
O61 - LFC: 13/09/2013 - 21:34:44 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\DbTemp\temp-KDuqKyTSqLQcoMZE95IKFZYW [20480]
O61 - LFC: 13/09/2013 - 21:34:44 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\shared_dynco\dc.db [2293760]
O61 - LFC: 13/09/2013 - 21:34:44 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\shared_dynco\dc.db-journal [1096280]
O61 - LFC: 13/09/2013 - 21:34:45 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\eas.db [49152]
O61 - LFC: 13/09/2013 - 21:34:45 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\eas.db-journal [37448]
O61 - LFC: 13/09/2013 - 21:35:12 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\DbTemp\temp-SnNuUehtNKcRX1tRwvvydB3s [8720]
O61 - LFC: 13/09/2013 - 21:35:15 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\shared.xml [80942]
O61 - LFC: 13/09/2013 - 21:35:43 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\chatsync\5d\5dc2bc2772de1a8e.dat [16579]
O61 - LFC: 13/09/2013 - 21:39:47 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\bistats.db [65536]
O61 - LFC: 13/09/2013 - 21:39:47 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\bistats.db-journal [37448]
O61 - LFC: 13/09/2013 - 21:39:47 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\config.xml [7367]
O61 - LFC: 13/09/2013 - 21:42:52 ---A- . (.Nicolas Coolman.) -- C:\Users\Corentin\AppData\Local\Temp\YXKe3QJf.exe.part [5143776]
O61 - LFC: 13/09/2013 - 21:45:46 ---A- . (...)
-- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\main.db [589824]
O61 - LFC: 13/09/2013 - 21:45:46 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\main.db-journal [201608]
O61 - LFC: 13/09/2013 - 21:45:58 ---A- . (...) -- C:\Users\Corentin\AppData\Roaming\Skype\jojoz--\dc.db [45056]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 18 Scanned in 00mn 03s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: ZHPFix 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...)
-- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ FASS Keys: 18 Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
~ Keys: Scanned in 00mn 00s

---\\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [190976]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [149504]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [149504]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [309248]
O83 - Search Svchost Services: gpsvc (gpsvc) .
(.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [1366016]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [1156096]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [99840]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire des connexions d’accès à distance.) -- C:\Windows\System32\rasmans.dll [358400]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [107520]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [62976]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [438784]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [305664]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [3241472]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [826368]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [565760]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..)
-- C:\Windows\System32\iphlpsvc.dll [894464]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [151552]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [105472]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1285632]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [219648]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [80896]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [134144]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [291328]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84992]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [97792]
O83 - Search Svchost Services: BDESVC (BDESVC) .
(.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [190976]
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Service de compte Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1964544]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [47104]
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gestionnaire d’installation de périphérique.) -- C:\Windows\System32\DeviceSetupManager.dll [207872]
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Service Assistant Connectivité réseau Microsoft.) -- C:\Windows\System32\ncasvc.dll [161792]
O83 - Search Svchost Services: SystemEventsBroker (SystemEventsBroker) . (.Microsoft Corporation - Service Broker pour les événements système.) -- C:\Windows\System32\SystemEventsBrokerServer.dll [180224]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\Windows\System32\appmgmts.dll [187392]
~ Services: 35 Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.788FCDDD88240A85039F7F561093B118] [SPRF][08/09/2013] (.OldTimer Tools - Pas de description.) -- C:\Users\Corentin\Desktop\TFC.exe [448512]
~ Files: 1 Scanned in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "vm-monitoring-rpc" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "vm-monitoring-dcom" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMP-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.)
-- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMP-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "SNMPTRAP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "SNMPTRAP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "Wininit-Shutdown-In-Rule-TCP-RPC" | In - None - P6 - FALSE | .(.Microsoft Corporation - Application de démarrage de Windows.) -- C:\Windows\system32\wininit.exe
O87 - FAEL: "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper" | In - None - P6 - FALSE | .(.Microsoft Corporation - Application de démarrage de Windows.) -- C:\Windows\system32\wininit.exe
O87 - FAEL: "PNRPMNRS-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PNRPMNRS-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PNRPMNRS-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PNRPMNRS-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteFwAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.)
-- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteFwAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Netlogon-TCP-RPC-In" | In - None - P6 - FALSE | .(.Microsoft Corporation - Local Security Authority Process.) -- C:\Windows\System32\lsass.exe
O87 - FAEL: "WMI-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-WINMGMT-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-WINMGMT-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-ASYNC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe
O87 - FAEL: "WMI-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-WINMGMT-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-WINMGMT-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.)
-- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-ASYNC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe
O87 - FAEL: "MsiScsi-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MsiScsi-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MsiScsi-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MsiScsi-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "ProximityUxHost-Sharing-In-TCP-NoScope" | In - None - P6 - TRUE | .(.Microsoft Corporation - Hôte UX de proximité.) -- C:\Windows\system32\proximityuxhost.exe
O87 - FAEL: "ProximityUxHost-Sharing-Out-TCP-NoScope" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Hôte UX de proximité.) -- C:\Windows\system32\proximityuxhost.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "FPS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.)
-- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-UPnPHost-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-WSDEVNTS-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-WSDEVNT-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-UPnPHost-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-UPnP-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDPHOST-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-DAS-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Device Association Framework Provider Host.) -- C:\Windows\system32\dashost.exe
O87 - FAEL: "NETDIS-FDPHOST-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.)
-- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-WSDEVNTS-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-WSDEVNT-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-UPnPHost-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDPHOST-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-DAS-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Device Association Framework Provider Host.)
-- C:\Windows\system32\dashost.exe
O87 - FAEL: "NETDIS-FDPHOST-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-WSDEVNTS-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-WSDEVNT-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.)
-- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-RAServer-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe
O87 - FAEL: "RemoteAssistance-RAServer-Out-TCP-NoScope-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe
O87 - FAEL: "RemoteAssistance-DCOM-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-In-UDP-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.)
-- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-UDP-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-KTMRM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-KTMRM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.)
-- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-WMP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-WMP-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-WMP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-QWave-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-WMP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-WMP-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-WMP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PlayTo-In-UDP-NoScope" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-In-UDP-LocalSubnetScope" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-In-UDP-PlayToScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-Out-UDP-NoScope" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-Out-UDP-LocalSubnetScope" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-Out-UDP-PlayToScope" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) 
-- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-In-RTSP-NoScope" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-In-RTSP-LocalSubnetScope" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-In-RTSP-PlayToScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe O87 - FAEL: "PlayTo-SSDP-Discovery-PlayToScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PlayTo-QWave-In-UDP-PlayToScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PlayTo-QWave-Out-UDP-PlayToScope" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PlayTo-QWave-In-TCP-PlayToScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PlayTo-QWave-Out-TCP-PlayToScope" | Out - Public - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "TPMVSCMGR-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "TPMVSCMGR-Server-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - TPM Virtual Smart Card Manager DCOM Server.) -- C:\Windows\system32\RmtTpmVscMgrSvr.exe O87 - FAEL: "TPMVSCMGR-Server-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - TPM Virtual Smart Card Manager DCOM Server.) 
-- C:\Windows\system32\RmtTpmVscMgrSvr.exe O87 - FAEL: "TPMVSCMGR-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "TPMVSCMGR-Server-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - TPM Virtual Smart Card Manager DCOM Server.) -- C:\Windows\system32\RmtTpmVscMgrSvr.exe O87 - FAEL: "TPMVSCMGR-Server-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - TPM Virtual Smart Card Manager DCOM Server.) -- C:\Windows\system32\RmtTpmVscMgrSvr.exe O87 - FAEL: "Collab-P2PHost-In-TCP" |In - None - P6 - TRUE | .(...) -- C:\Windows\system32\p2phost.exe (.not file.) O87 - FAEL: "Collab-P2PHost-Out-TCP" |Out - None - P6 - FALSE | .(...) -- C:\Windows\system32\p2phost.exe (.not file.) O87 - FAEL: "Collab-P2PHost-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\p2phost.exe (.not file.) O87 - FAEL: "Collab-P2PHost-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\p2phost.exe (.not file.) O87 - FAEL: "Collab-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) 
-- C:\Windows\system32\services.exe O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCP-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCP-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCPV6-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCPV6-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-Teredo-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-Teredo-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-IPHTTPS-Out" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-GP-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DNS-Out-UDP" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Local Security Authority Process.) -- C:\Windows\system32\lsass.exe O87 - FAEL: "RVM-VDS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) -- C:\Windows\system32\vds.exe O87 - FAEL: "RVM-VDSLDR-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe O87 - FAEL: "RVM-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RVM-VDS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) -- C:\Windows\system32\vds.exe O87 - FAEL: "RVM-VDSLDR-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe O87 - FAEL: "RVM-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteDesktop-UserMode-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteDesktop-UserMode-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe O87 - FAEL: "WPDMTP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe O87 - FAEL: "WPDMTP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-UPnPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-UPnP-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "SPPSVC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - KMS Connection Broker.) -- C:\Windows\system32\sppextcomobj.exe O87 - FAEL: "SPPSVC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - KMS Connection Broker.) -- C:\Windows\system32\sppextcomobj.exe O87 - FAEL: "Microsoft-Windows-PeerDist-WSD-In" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-PeerDist-WSD-Out" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-In-TCP" |In - None - P6 - FALSE | .(...) -- C:\Windows\ehome\ehshell.exe (.not file.) O87 - FAEL: "MCX-Out-TCP" |Out - None - P6 - FALSE | .(...) -- C:\Windows\ehome\ehshell.exe (.not file.) O87 - FAEL: "MCX-QWave-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-TERMSRV-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\ehome\ehshell.exe (.not file.) O87 - FAEL: "MCX-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\ehome\ehshell.exe (.not file.) O87 - FAEL: "MCX-MCX2SVC-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-PlayTo-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-PlayTo-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-FDPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{AE323509-2ABB-4719-ADB3-9D53E05FE9C3}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{EC524547-9680-460A-BC75-C1E1F05B1B8B}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{9141A9BF-2488-4D3F-AAF5-552F6CB90C75}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe O87 - FAEL: "{E6E1155F-FE4E-48A6-84A3-E66C8E89ACA8}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) 
-- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "{80AEBB97-761B-4F30-BC28-68C6512E7C58}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "{F696201A-36C9-4AE2-B3E5-6D5E5C4F282B}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "{1FF78645-8145-4BF0-B524-5C4FF937A63D}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{1653F937-A55D-431D-A665-95D905430B23}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{37EA9A38-3A66-4D4F-94A8-4E2A7ABBF1E1}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{31E38DF0-409C-47DC-B7E2-B7201B879AB5}" |Out - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{82810752-1B30-4420-8D1E-1BDFE7DC5D4C}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{5DCF3ADF-CED3-4849-BE2A-C3F72A62AA4C}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "{5BDB0D7A-8819-46D0-8F21-4F2051127EE6}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "{A15FB370-16A8-4F72-BF3F-939E28B731D3}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) 
-- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "{9342D74F-1046-4776-9411-67DB43348BC1}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{BAA3C8D5-51A7-45D3-9238-F7BC8EB69523}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{215C93B8-89FE-479A-8AC0-1783FF250513}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{0E42F276-41AB-4A79-8F67-4C79DF178077}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{1C12CAAA-47FF-4470-B3D6-096640162316}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{F58247FB-F35F-471E-9EE8-08E5FBCD789F}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{7A6DE31D-F3E5-48CE-A746-F1A5D84DA4A8}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe O87 - FAEL: "{3CD3A0A5-F12F-4988-8C8F-DCEEBC4044F8}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe O87 - FAEL: "{E24A1906-FE62-4C80-B445-4D3F36CD41C3}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O87 - FAEL: "{312FA8C5-C122-4B01-A507-27267A220125}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer 8.) 
-- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O87 - FAEL: "{ACB2E159-9461-46DB-BF13-5B1EDE786D97}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{04A94304-FFAC-4EEC-A98F-8E86955257C4}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{26D5FBB0-A8D6-446D-8712-B9A4B42B7708}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{F2FBFA35-44D2-4FAC-82B6-DBFD6E36D9C4}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{682AA742-B08D-469C-8D5F-DC389E45FEB9}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "TCP Query User{3F6D7427-5DAC-47BE-ADE9-3FE829A81E5F}C:\program files (x86)\warcraft iii\war3.exe" | In - Private - P6 - TRUE | .(.Blizzard Entertainment - Warcraft III.) -- C:\program files (x86)\warcraft iii\war3.exe O87 - FAEL: "UDP Query User{1683E9BE-EB49-4D91-83DD-A2DB437997A6}C:\program files (x86)\warcraft iii\war3.exe" | In - Private - P17 - TRUE | .(.Blizzard Entertainment - Warcraft III.) -- C:\program files (x86)\warcraft iii\war3.exe O87 - FAEL: "TCP Query User{9173A1DA-D42B-466B-8BCA-7E0778219A59}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" | In - Private - P6 - TRUE | .(.Oracle Corporation.) -- C:\program files (x86)\jdownloader\jre\bin\javaw.exe O87 - FAEL: "UDP Query User{42089493-D026-4195-B374-31FA0BE64741}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" | In - Private - P17 - TRUE | .(.Oracle Corporation.) 
-- C:\program files (x86)\jdownloader\jre\bin\javaw.exe O87 - FAEL: "{8BC5B80C-5A8F-49BE-A236-D2125A853EB1}" | In - None - P17 - TRUE | .(.Apple Inc. - WebKit2WebProcess.exe.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe O87 - FAEL: "{364252C9-9D1F-443B-B731-5720B58F7237}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe O87 - FAEL: "{D757AAFB-BBFF-42B3-ADCD-EF3CA3588BA9}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe O87 - FAEL: "{A0C70C66-F4A9-4012-A3F9-D6EFED3C2669}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe O87 - FAEL: "{BF441FC5-47B4-4879-ABD0-96E0707A2D9A}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe O87 - FAEL: "{03E94FDF-10E9-4410-AFE4-AA394368774D}" | In - None - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files (x86)\iTunes\iTunes.exe O87 - FAEL: "{F70D587E-724D-4A89-AA17-3D0072C27B1C}" | In - None - P6 - TRUE | .(.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O87 - FAEL: "{B24DE7AA-3D1F-4EA9-9F31-10B0F23B5D7A}" | In - None - P17 - TRUE | .(.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O87 - FAEL: "{80A80D76-9D94-4A15-9224-11DFA1B8931E}" | In - None - P6 - TRUE | .(.NVIDIA Corporation - NVIDIA Streamer Server Component.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe O87 - FAEL: "{028615AB-E9BC-459D-BEE8-9FDF77DA607D}" | In - None - P17 - TRUE | .(.NVIDIA Corporation - NVIDIA Streamer Server Component.) 
-- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
O87 - FAEL: "{C2A58AF9-3A42-4463-8B1A-7379C376569B}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O87 - FAEL: "{6DAEC8A5-220F-4EC4-939B-4806B44071D3}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O87 - FAEL: "{25BB2D25-6194-4CD0-9B69-20D94D2830C2}" | In - None - P6 - TRUE | .(.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O87 - FAEL: "{B5FAB5DE-07B3-401E-9B3D-E406C634C15F}" | In - None - P17 - TRUE | .(.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O87 - FAEL: "{551780B9-BFFD-4474-8E32-E97717F4369F}" | In - None - P6 - TRUE | .(.NVIDIA Corporation - NVIDIA Streamer Server Component.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
O87 - FAEL: "{AF5EE51F-23F5-4587-A96D-DB227F2E1E9B}" | In - None - P17 - TRUE | .(.NVIDIA Corporation - NVIDIA Streamer Server Component.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
O87 - FAEL: "{EB5E10EE-1F8B-4657-875B-71413B6113EC}" | In - Public - P6 - TRUE | .(.Woodtale Technology Inc - eBPSvc.) -- C:\Users\Corentin\AppData\Local\DProtect\DProtectSvc.exe =>Trojan.Staser
O87 - FAEL: "{F9791EDC-D495-401D-A412-58AE7B776E8E}" | In - None - P6 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Firewall: 253 Scanned in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "045F27F206F16624596059B2126D46D0" . (.Apple Mobile Device Support.) -- C:\Windows\Installer\{2F72F540-1F60-4266-9506-952B21D6640D}\Installer.ico
O90 - PUC: "1EBF2823CF538D8489AC11A5E51F9F4B" . (.NVIDIA PhysX.) -- C:\Windows\Installer\{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}\icon.ico
O90 - PUC: "277C90D53BCEB244C96C4B43C187DF2C" . (.Apple Application Support.) -- C:\Windows\Installer\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}\WinInstall.ico
O90 - PUC: "2B0163E6D0340BE4183EB2758E9BEDD8" . (.Bonjour.) -- C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico
O90 - PUC: "30F0FF67707B23345B1D5AC6383015E4" . (.iTunes.) -- C:\Windows\Installer\{76FF0F03-B707-4332-B5D1-A56C8303514E}\Installer.ico
O90 - PUC: "46B5A9879DD95AB419A50FCFA0B1B7EF" . (.Apple Software Update.) -- C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\Installer.ico
O90 - PUC: "D25657E31B99E7141B36EB3FC3DAF361" . (.League of Legends.) -- C:\Windows\Installer\{3E75652D-99B1-417E-B163-BEF33CAD3F16}\lol.launcher_1.exe
O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.3.) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
~ Update Products: 17 Scanned in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.B06712BF5643BB55600A040F210DC218] [WIS][08/09/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\3dfc859.msi [20586496]
[MD5.DB412E021C8721F3F5EBC82C8796E31D] [WIS][13/07/2013] (.Riot Games - League of Legends.) -- C:\Windows\Installer\508791.msi [3681280]
~ WIS: 18 Scanned in 00mn 00s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 29/08/2012 208384 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 08/09/2013 342592 | (DPService) . (.Woodtale Technology Inc.) - C:\Users\Corentin\AppData\Local\DProtect\DProtectSvc.exe =>Trojan.Staser
SR - | Auto 07/07/2013 210024 | (DTSAudioService) . (.DTS.) - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 08/02/2013 359664 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SS - | Demand 18/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 27/08/2013 14997280 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 21/06/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 27/08/2013 2155296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 21/06/2013 413472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 08/07/2013 4153184 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Corentin at 13/09/2013 22:52:47
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Corentin at 13/09/2013 22:52:49
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 12911 - (11/09/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 12
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DProtect] =>Trojan.Staser^
C:\Users\Corentin\AppData\Local\DProtect =>Trojan.Staser^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\Corentin\AppData\Local\Software =>Adware.Boxore
C:\Users\Corentin\AppData\Local\DProtect\DProtectSvc.exe =>Trojan.Staser^
C:\Windows\Prefetch\ADKS_AR_QVO6.EXE-8FC15123.pf =>Hijacker.Qvo6^
C:\Windows\Prefetch\DPROTECT.EXE-43DF62DF.pf =>Trojan.Staser^
C:\Windows\Prefetch\DPROTECTSVC.EXE-BB1ED493.pf =>Trojan.Staser^
C:\Windows\Prefetch\OBBOXORE.EXE-13E21633.pf =>Adware.Boxore^
C:\Windows\Prefetch\BOXOREINSTALLER.EXE-59FCD204.pf =>Adware.Boxore^
C:\Windows\Prefetch\BOXORE.EXE-BCDE0609.pf =>Adware.Boxore^
C:\Windows\Prefetch\OPTIMIZERPRODYNAMIC.EXE-2CED5428.pf =>PUP.OptimizerPro^
C:\Windows\Prefetch\OPTIMIZER_PRO.EXE-DC666072.pf =>PUP.OptimizerPro^
C:\Windows\Prefetch\OPTIMIZER_PRO.TMP-4F43C0A6.pf =>PUP.OptimizerPro^
C:\Windows\Prefetch\OPTIMIZERPRO.EXE-507507D1.pf =>PUP.OptimizerPro^
C:\Users\Corentin\AppData\Local\DProtect\log\DProtectSvc.LOG =>Trojan.Staser^
~ Additionnel Scan: 192981 Items scanned in 00mn 08s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32771797-trojan-staser =>Trojan.Staser
~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
~ MSI: 4 link(s) detected in 00mn 08s

End of the scan (1540 lines in 00mn 44s)(0)